From 19ab758d2793282c59b464b9cd8cd972236efbb3 Mon Sep 17 00:00:00 2001
From: Thomas Widhalm <thomas.widhalm@netways.de>
Date: Wed, 8 Mar 2023 16:17:01 +0100
Subject: [PATCH 1/2] Show more meaningful errormessages for API

fixes #100
---
 .../tasks/elasticsearch-security.yml          | 30 +++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/roles/elasticsearch/tasks/elasticsearch-security.yml b/roles/elasticsearch/tasks/elasticsearch-security.yml
index eee28cfa..d4dca6ea 100644
--- a/roles/elasticsearch/tasks/elasticsearch-security.yml
+++ b/roles/elasticsearch/tasks/elasticsearch-security.yml
@@ -589,17 +589,43 @@
     - renew_ca
     - renew_es_cert
 
+- name: Fail if API can't be queried with elastic password
+  fail:
+    msg: "Elasticsearch API can't be queried with elastic user (status: {{ es_cluster_status.stdout }}"
+  when:
+    - es_cluster_status.stdout is defined
+    - es_cluster_status.stdout not in [ "green", "yellow", "red" ]
+    - groups['elasticsearch'] | length > 1
+  tags:
+    - notest
+
+- name: Fail if API can't be queried with bootstrap password
+  fail:
+    msg: "Elasticsearch API can't be queried with bootstrap password (status: {{ es_cluster_status_bootstrap.stdout }})"
+  when:
+    - es_cluster_status_bootstrap.stdout is defined
+    - es_cluster_status.stdout not in [ "green", "yellow", "red" ]
+    - and groups['elasticsearch'] | length > 1
+  tags:
+    - notest
+
 - name: Fail if cluster is not ready yet
   fail:
     msg: "Elasticsearch cluster is not ready (status: {{ es_cluster_status.stdout }} , yet. Please rerun again later."
-  when: es_cluster_status.stdout is defined and es_cluster_status.stdout != "green" and groups['elasticsearch'] | length > 1
+  when:
+    - es_cluster_status.stdout is defined
+    - es_cluster_status.stdout != "green"
+    - groups['elasticsearch'] | length > 1
   tags:
     - notest
 
 - name: Fail if cluster is not ready yet (bootstrap password)
   fail:
     msg: "Elasticsearch cluster is not ready (status: {{ es_cluster_status_bootstrap.stdout }}), yet. Please rerun again later."
-  when: es_cluster_status_bootstrap.stdout is defined and es_cluster_status_bootstrap.stdout != "green" and groups['elasticsearch'] | length > 1
+  when:
+    - es_cluster_status_bootstrap.stdout is defined
+    - es_cluster_status_bootstrap.stdout != "green"
+    - and groups['elasticsearch'] | length > 1
   tags:
     - notest
 

From c1eda39be165c0ccbc0f73e392fdcd5f29f9dd8e Mon Sep 17 00:00:00 2001
From: Thomas Widhalm <thomas.widhalm@netways.de>
Date: Wed, 8 Mar 2023 17:06:50 +0100
Subject: [PATCH 2/2] Improve waiting for Elasticsearch cluster

fixes #95
---
 .../tasks/elasticsearch-security.yml          | 46 +++----------------
 1 file changed, 6 insertions(+), 40 deletions(-)

diff --git a/roles/elasticsearch/tasks/elasticsearch-security.yml b/roles/elasticsearch/tasks/elasticsearch-security.yml
index d4dca6ea..0fcc3e95 100644
--- a/roles/elasticsearch/tasks/elasticsearch-security.yml
+++ b/roles/elasticsearch/tasks/elasticsearch-security.yml
@@ -560,6 +560,9 @@
   changed_when: false
   no_log: true
   when: not elasticsearch_passwords_file.stat.exists | bool
+  until: es_cluster_status_bootstrap.stdout == "green"
+  retries: 5
+  delay: 10
 
 - name: Fetch Elastic password
   shell: grep "PASSWORD elastic" {{ elastic_initial_passwords }} | awk {' print $4 '}
@@ -580,6 +583,9 @@
   no_log: true
   ignore_errors: "{{ ansible_check_mode }}"
   when: elasticsearch_passwords_file.stat.exists | bool
+  until: es_cluster_status.stdout == "green"
+  retries: 5
+  delay: 10
 
 - name: Check for open port 9200/tcp
   wait_for:
@@ -589,46 +595,6 @@
     - renew_ca
     - renew_es_cert
 
-- name: Fail if API can't be queried with elastic password
-  fail:
-    msg: "Elasticsearch API can't be queried with elastic user (status: {{ es_cluster_status.stdout }}"
-  when:
-    - es_cluster_status.stdout is defined
-    - es_cluster_status.stdout not in [ "green", "yellow", "red" ]
-    - groups['elasticsearch'] | length > 1
-  tags:
-    - notest
-
-- name: Fail if API can't be queried with bootstrap password
-  fail:
-    msg: "Elasticsearch API can't be queried with bootstrap password (status: {{ es_cluster_status_bootstrap.stdout }})"
-  when:
-    - es_cluster_status_bootstrap.stdout is defined
-    - es_cluster_status.stdout not in [ "green", "yellow", "red" ]
-    - and groups['elasticsearch'] | length > 1
-  tags:
-    - notest
-
-- name: Fail if cluster is not ready yet
-  fail:
-    msg: "Elasticsearch cluster is not ready (status: {{ es_cluster_status.stdout }} , yet. Please rerun again later."
-  when:
-    - es_cluster_status.stdout is defined
-    - es_cluster_status.stdout != "green"
-    - groups['elasticsearch'] | length > 1
-  tags:
-    - notest
-
-- name: Fail if cluster is not ready yet (bootstrap password)
-  fail:
-    msg: "Elasticsearch cluster is not ready (status: {{ es_cluster_status_bootstrap.stdout }}), yet. Please rerun again later."
-  when:
-    - es_cluster_status_bootstrap.stdout is defined
-    - es_cluster_status_bootstrap.stdout != "green"
-    - and groups['elasticsearch'] | length > 1
-  tags:
-    - notest
-
 - name: Create initial passwords
   shell: >
     /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto -b >